| -rw-r--r-- | executor/common_linux.h | 6 | ||||
| -rw-r--r-- | pkg/build/linux_generated.go | 2 | ||||
| -rw-r--r-- | pkg/csource/generated.go | 3 | ||||
| -rwxr-xr-x | tools/create-gce-image.sh | 2 | ||||
| -rwxr-xr-x | tools/create-image.sh | 9 |
5 files changed, 9 insertions, 13 deletions
diff --git a/executor/common_linux.h b/executor/common_linux.h index 16b78e99a..98489f12d 100644 --- a/executor/common_linux.h +++ b/executor/common_linux.h @@ -4587,6 +4587,8 @@ static void setup_usb() static void setup_sysctl() { + // TODO: consider moving all sysctl's into CMDLINE config later. + // Kernel has support for setting sysctl's via command line since 3db978d480e28 (v5.8). static struct { const char* name; const char* data; @@ -4612,6 +4614,10 @@ static void setup_sysctl() {"/proc/sys/fs/mount-max", "100"}, // Dumping all tasks to console can take too long. {"/proc/sys/vm/oom_dump_tasks", "0"}, + // Executor hits lots of SIGSEGVs, no point in logging them. + {"/proc/sys/debug/exception-trace", "0"}, + {"/proc/sys/kernel/printk", "7 4 1 3"}, + {"/proc/sys/net/ipv4/ping_group_range", "0 65535"}, }; for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].name, files[i].data)) diff --git a/pkg/build/linux_generated.go b/pkg/build/linux_generated.go index e35428f18..78c55fd79 100644 --- a/pkg/build/linux_generated.go +++ b/pkg/build/linux_generated.go @@ -101,8 +101,6 @@ echo 'ATTR{name}=="vim2m", SYMLINK+="vim2m"' | sudo tee -a disk.mnt/etc/udev/rul echo 'SUBSYSTEMS=="pci", DRIVERS=="i915", SYMLINK+="i915"' | sudo tee -a disk.mnt/etc/udev/rules.d/60-drm.rules -echo "kernel.printk = 7 4 1 3" | sudo tee -a disk.mnt/etc/sysctl.conf -echo "debug.exception-trace = 0" | sudo tee -a disk.mnt/etc/sysctl.conf SYZ_SYSCTL_FILE="${SYZ_SYSCTL_FILE:-}" if [ "$SYZ_SYSCTL_FILE" != "" ]; then cat $SYZ_SYSCTL_FILE | sudo tee -a disk.mnt/etc/sysctl.conf diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go index 5e234d47a..2c2c7c398 100644 --- a/pkg/csource/generated.go +++ b/pkg/csource/generated.go 
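Review bot: In the second hunk of executor/common_linux.h, the new `files[]` entries for `/proc/sys/kernel/printk` and `/proc/sys/net/ipv4/ping_group_range` have no why-comment, unlike the `oom_dump_tasks` and `exception-trace` entries next to them. I would add `// Console loglevel 7: print everything except debug messages to the console.` above the first and `// Let gids 0-65535 create unprivileged ICMP ping sockets.` above the second. The second deliberately loosens a network restriction, and because pkg/csource/generated.go carries the same table, a C reproducer built with sysctl setup would presumably apply it system-wide on whatever machine runs it, which the comment should say. The tools/create-image.sh hunk also removes the `bpf_jit_*`, `kptr_restrict` and `watchdog_thresh` lines from sysctl.conf, and the part of `files[]` that would replace them is outside the visible hunks, so please confirm each one is still set there. The body of `setup_sysctl` starts and ends outside the hunk, so what happens when `write_file` fails on a kernel that lacks one of these paths is not visible here.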
@@ -9385,6 +9385,9 @@ static void setup_sysctl() {"/proc/sys/kernel/softlockup_all_cpu_backtrace", "1"}, {"/proc/sys/fs/mount-max", "100"}, {"/proc/sys/vm/oom_dump_tasks", "0"}, + {"/proc/sys/debug/exception-trace", "0"}, + {"/proc/sys/kernel/printk", "7 4 1 3"}, + {"/proc/sys/net/ipv4/ping_group_range", "0 65535"}, }; for (size_t i = 0; i < sizeof(files) / sizeof(files[0]); i++) { if (!write_file(files[i].name, files[i].data)) diff --git a/tools/create-gce-image.sh b/tools/create-gce-image.sh index 075143fcc..86aa8ef36 100755 --- a/tools/create-gce-image.sh +++ b/tools/create-gce-image.sh @@ -154,8 +154,6 @@ echo 'ATTR{name}=="vim2m", SYMLINK+="vim2m"' | sudo tee -a disk.mnt/etc/udev/rul echo 'SUBSYSTEMS=="pci", DRIVERS=="i915", SYMLINK+="i915"' | sudo tee -a disk.mnt/etc/udev/rules.d/60-drm.rules # sysctls -echo "kernel.printk = 7 4 1 3" | sudo tee -a disk.mnt/etc/sysctl.conf -echo "debug.exception-trace = 0" | sudo tee -a disk.mnt/etc/sysctl.conf SYZ_SYSCTL_FILE="${SYZ_SYSCTL_FILE:-}" if [ "$SYZ_SYSCTL_FILE" != "" ]; then cat $SYZ_SYSCTL_FILE | sudo tee -a disk.mnt/etc/sysctl.conf diff --git a/tools/create-image.sh b/tools/create-image.sh index 0a71efb7a..4dd9b2594 100755 --- a/tools/create-image.sh +++ b/tools/create-image.sh 
@@ -162,15 +162,6 @@ echo 'debugfs /sys/kernel/debug debugfs defaults 0 0' | sudo tee -a $DIR/etc/fst echo 'securityfs /sys/kernel/security securityfs defaults 0 0' | sudo tee -a $DIR/etc/fstab echo 'configfs /sys/kernel/config/ configfs defaults 0 0' | sudo tee -a $DIR/etc/fstab echo 'binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc defaults 0 0' | sudo tee -a $DIR/etc/fstab -echo "kernel.printk = 7 4 1 3" | sudo tee -a $DIR/etc/sysctl.conf -echo 'debug.exception-trace = 0' | sudo tee -a $DIR/etc/sysctl.conf -echo "net.core.bpf_jit_enable = 1" | sudo tee -a $DIR/etc/sysctl.conf -echo "net.core.bpf_jit_kallsyms = 1" | sudo tee -a $DIR/etc/sysctl.conf -echo "net.core.bpf_jit_harden = 0" | sudo tee -a $DIR/etc/sysctl.conf -echo "kernel.softlockup_all_cpu_backtrace = 1" | sudo tee -a $DIR/etc/sysctl.conf -echo "kernel.kptr_restrict = 0" | sudo tee -a $DIR/etc/sysctl.conf -echo "kernel.watchdog_thresh = 60" | sudo tee -a $DIR/etc/sysctl.conf -echo "net.ipv4.ping_group_range = 0 65535" | sudo tee -a $DIR/etc/sysctl.conf echo -en "127.0.0.1\tlocalhost\n" | sudo tee $DIR/etc/hosts echo "nameserver 8.8.8.8" | sudo tee -a $DIR/etc/resolve.conf echo "syzkaller" | sudo tee $DIR/etc/hostname |
